author | Gurusamy Sarathy <gsar@cpan.org> | 1999-09-12 20:08:56 +0000 |
---|---|---|
committer | Gurusamy Sarathy <gsar@cpan.org> | 1999-09-12 20:08:56 +0000 |
commit | 7d5ea4e771e13c538d9f0504cb48d13891fcb5c9 (patch) | |
tree | 93907373e9324237af6ad6dc9d46db3dd003ca30 /pod | |
parent | 2b8dc4d2eb8ad36cf53b962575087dfa9dc6d602 (diff) | |
download | perl-7d5ea4e771e13c538d9f0504cb48d13891fcb5c9.tar.gz |
make sprintf("%g",...) threadsafe; only taint its result iff the
formatted result looks nonstandard
p4raw-id: //depot/perl@4130
Diffstat (limited to 'pod')
-rw-r--r-- | pod/perlfunc.pod | 7 |
-rw-r--r-- | pod/perlguts.pod | 12 |
2 files changed, 14 insertions, 5 deletions
diff --git a/pod/perlfunc.pod b/pod/perlfunc.pod index 0d47260e10..995a671110 100644 --- a/pod/perlfunc.pod +++ b/pod/perlfunc.pod @@ -4120,6 +4120,13 @@ If C<use locale> is in effect, the character used for the decimal point in formatted real numbers is affected by the LC_NUMERIC locale. See L<perllocale>. +To cope with broken systems that allow the standard locales to be +overridden by malicious users, the return value may be tainted +if any of the floating point formats are used and the conversion +yields something that doesn't look like a normal C-locale floating +point number. This happens regardless of whether C<use locale> is +in effect or not. + If Perl understands "quads" (64-bit integers) (this requires either that the platform natively supports quads or that Perl has been specifically compiled to support quads), the characters diff --git a/pod/perlguts.pod b/pod/perlguts.pod index 93d4bd70c4..af12297ec3 100644 --- a/pod/perlguts.pod +++ b/pod/perlguts.pod 
@@ -3649,24 +3649,26 @@ Like C<sv_usepvn>, but also handles 'set' magic. void sv_usepvn_mg (SV* sv, char* ptr, STRLEN len) -=item sv_vcatpvfn(sv, pat, patlen, args, svargs, svmax, used_locale) +=item sv_vcatpvfn Processes its arguments like C<vsprintf> and appends the formatted output to an SV. Uses an array of SVs if the C style variable argument list is -missing (NULL). Indicates if locale information has been used for formatting. +missing (NULL). When running with taint checks enabled, indicates via +C<maybe_tainted> if results are untrustworthy (often due to the use of +locales). void sv_catpvfn (SV* sv, const char* pat, STRLEN patlen, va_list *args, SV **svargs, I32 svmax, - bool *used_locale); + bool *maybe_tainted); -=item sv_vsetpvfn(sv, pat, patlen, args, svargs, svmax, used_locale) +=item sv_vsetpvfn Works like C<vcatpvfn> but copies the text into the SV instead of appending it. void sv_setpvfn (SV* sv, const char* pat, STRLEN patlen, va_list *args, SV **svargs, I32 svmax, - bool *used_locale); + bool *maybe_tainted); =item SvUV |
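Review bot: In the pod/perlfunc.pod hunk (@@ -4120,6 +4120,13 @@), the new paragraph says the return value "may be tainted" without saying that this only matters when taint checks are enabled, which is the condition the perlguts.pod text in this same commit states ("When running with taint checks enabled"). Please add that condition here and point readers to L<perlsec>. The paragraph also covers "any of the floating point formats" while the commit message names only sprintf("%g",...), so list the conversions that are actually checked. Finally, "doesn't look like a normal C-locale floating point number" gives a script author no way to predict when the result will be tainted; a short statement of which characters count as normal would make the rule usable.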
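Review bot: In the pod/perlguts.pod hunk (@@ -3649,24 +3649,26 @@), the contract for the renamed C<maybe_tainted> out-parameter is underspecified in the sv_vcatpvfn entry: the text says it is used "When running with taint checks enabled" but not what the flag holds when taint checks are off, whether the callee ever clears it or only sets it, or whether NULL may be passed. An XS caller that leaves the flag uninitialised and then tests it could make a wrong taint decision, so please document the required initial value and the NULL case. The sv_vsetpvfn entry takes the same parameter but does not describe it at all; either repeat the sentence or state explicitly that the parameter behaves as in sv_vcatpvfn. Since these lines are being touched anyway, note that the prototypes shown under "=item sv_vcatpvfn" and "=item sv_vsetpvfn" are spelled sv_catpvfn and sv_setpvfn, and that "Works like C<vcatpvfn>" omits the sv_ prefix; these should match the item names.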